decentralized network 42

December 27, 2015

Recently I’ve been interested in BGP and stumbled across a thread on reddit that pointed me to a community called decentralized network 42, or dn42.

If you haven’t heard of dn42 it is essentially a private network that runs just like the real internet does, with BGP, peering, an Internet Registry (aka the registry), DNS root servers, and more. Joining the dn42 network usually means creating your own Autonomous System and peering with other users. There is a lot to learn from participating and it is a unique opportunity to experience BGP in a real world setting with plenty of challenges.

Links between peers are usually IPSec/GRE or OpenVPN peer-to-peer tunnels providing secure communications over the actual internet. A peering session involes the exchange of routes via BGP, including both IPv4 and IPv6.

dn42 has selected a few RFC1918 networks for IPv4 (172.20.0.0/16 and 172.22.0.0/15 as of this writing) and uses ULA addresses for IPv6.

The Registry

The dn42 registry is an important part of the network that contains listings of all subnets, autonomous systems, domains, etc,. It is typically modified using the web interface but the registry is actually a distributed monotone repository, with a few core users synchronizing with each other.

The registry is essentially the same thing as what Regional Internet Registries provide on the real internet, for example, the RIPE Database.

BGP

BGP is used to exchange routes between peers. BIRD and Quagga are common BGP daemons used on Linux. Quagga syntax is very similar to configuration on Cisco and BIRD is completely different but offers a large amount of customizability with filters. A simple configuration on BIRD with a peer looks like:

In addition there are filters available that add BGP communities to routes imported/exported to tag things such as latency, bandwidth, and security. BGP communities are inspected and used by network operators to choose the route with the lowest latency, for example.

Route origins are secured with Route Origin Authorizations (ROA). There is a script in the registry that will generate a BIRD configuration contaning IPv4 and IPv6 ROA tables. Routes can then be filtered out that have invalid origins.

The Future

There are always new developments in dn42 and things keep evolving.

For example, recently a few virtual Internet Exchange Points (IXP) have been created that lower the barrier to peering with others by using a route server rather than having to establish individual BGP sessions with everyone.

Join us!

The community is open for anyone to join, so come chat with us on the #dn42 channel on hackint.

Check out the Getting Started page on the wiki for a full walkthrough of joining the dn42 network. Happy Peering!